General
-
Target
3e44e780a76526026a6ddbcea40043e5fd098bf107b0b68f7d9d232eb72ae574
-
Size
626KB
-
Sample
220701-jw54hscfa7
-
MD5
d2b8bfc68681f6e58838eff7a2cb33c0
-
SHA1
1c365788f6d248efea2a1a7f574efd610866deff
-
SHA256
3e44e780a76526026a6ddbcea40043e5fd098bf107b0b68f7d9d232eb72ae574
-
SHA512
6eeb7aa28dd1a038d8cf87b50c7bc46496cbb6e0b2181ea01bf9b0c0b3601229f84845a6025a21357b2fede93ac34ead37fd96809b0f914f89cae7ca4f43a6dc
Malware Config
Extracted
netwire
185.101.93.198:8681
185.101.93.198:9691
89.46.223.154:8585
89.46.223.154:1194
-
activex_autorun
false
-
copy_executable
false
-
delete_original
false
-
host_id
HostId-%Rand%
-
keylogger_dir
%AppData%\Logs\
-
lock_executable
false
-
offline_keylogger
true
-
password
Password
-
registry_autorun
false
-
use_mutex
false
Targets
-
-
Target
3e44e780a76526026a6ddbcea40043e5fd098bf107b0b68f7d9d232eb72ae574
-
Size
626KB
-
MD5
d2b8bfc68681f6e58838eff7a2cb33c0
-
SHA1
1c365788f6d248efea2a1a7f574efd610866deff
-
SHA256
3e44e780a76526026a6ddbcea40043e5fd098bf107b0b68f7d9d232eb72ae574
-
SHA512
6eeb7aa28dd1a038d8cf87b50c7bc46496cbb6e0b2181ea01bf9b0c0b3601229f84845a6025a21357b2fede93ac34ead37fd96809b0f914f89cae7ca4f43a6dc
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-